In March, Return Path was pleased to host the twice-yearly ETIS Anti-Spam Cooperation Group meeting in Berlin, Germany. ETIS is a membership-based organization which brings together all of the major telecommunications companies in Europe to discuss a broad range of information technology and policy issues, and the Anti Spam Co-operation Group is one of the most active committees.
A recurring theme in these meetings is that spam or other abuse which originates in one member’s network often terminates in another member’s network, just like a telephone call from Berlin to Rome starts within Deutsche Telekom and ends up within Telecom Italia. So by cooperating, using existing data and resources, the ETIS members could help each other find the spammers lurking within each others’ networks — and their customers’ networks, and their customers’ networks. “No matter how little spam our customers send other ISP’s,” says Helge Aksdal of Telenor’s Abuse Response Team, “we want to know about it.”
Led by representatives from KPN and TDC, the group started a project wherein each participant would create a set of spam traps, and share data collected by those traps with the network from which the messages originated — if that network operator is also participating in the project. It’s very similar to the complaint feedback loops common among North American ISPs and mailbox providers, yet fully adheres to European Union and local data privacy regulations.
Using the existing Abuse Reporting Format (ARF) standard and Return Path’s feedback report processing technology, the participating ETIS members have created systems which allow them to send, receive, and act upon these reports with a minimum of human intervention, reducing the time and expense of catching spammers.
Frank L., the Postmaster of TDC Denmark, explains why standardization and automation are so important. “Two years ago we signed up for a feedback loop to avoid being blocked by a huge ISP in the USA. We worked on these reports every day, but it seemed like nothing helped. We needed some numbers to be more efficient, so we made a perl script and this way had a fresh report of the top 100 IP addresses seen in the ARF reports every morning.”
Initially they’d receive 500 to 1,000 complaints daily for each of the top IP addresses in the report, but after further automating their internal processes that number dropped quickly. “We saw a great effect and other non-ARF complaints dropped as well, so we signed up for more feedback from different ISPs, simply because it is easier to work on a standard formatted report, than on user feedback where half of the information is often missing.”
“Today,” Frank says, “our top 100 report rarely shows over 10 complaints per IP.”
The group also uses aggregate data as a scorecard, measuring successful spam reduction between members over time — a friendly competition to see who can save their peers the most money.
The project is open to all ETIS members, including those who are not otherwise participating in the Anti Spam Co-operation Group. On behalf of the group, we invite all ETIS members to join this project — its’ success depends on wider participation. For more information and details on how to get started, please contact Fred Werner <[email protected]> or Raymond Gannon <[email protected]> — or find Ray at MAAWG next month.
Data derived from these spam trap messages is incorporated into Return Path’s Reputation Network Blacklist (RNBL), which is available for all participants to use in blocking or filtering decisions.
As for future plans, Helge Aksdal says “At the moment I’m just looking forward to see some more hits in our spamtraps, and in the future we want to make the FBL available globally so every ISP out there can start receiving data from the ETIS members.”
Editor’s Note: when the system becomes available to non-members, we’ll let you know here on the Received: blog.